aes_gmac.c - cachepc-linux - Fork of AMDESE/linux with modifications for CachePC side-channel attack

	cachepc-linux Fork of AMDESE/linux with modifications for CachePC side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-linux
	Log \| Files \| Refs \| README \| LICENSE \| sfeed.txt
aes_gmac.c (2316B)
      1// SPDX-License-Identifier: GPL-2.0-only
      2/*
      3 * AES-GMAC for IEEE 802.11 BIP-GMAC-128 and BIP-GMAC-256
      4 * Copyright 2015, Qualcomm Atheros, Inc.
      5 */
      6
      7#include <linux/kernel.h>
      8#include <linux/types.h>
      9#include <linux/err.h>
     10#include <crypto/aead.h>
     11#include <crypto/aes.h>
     12
     13#include <net/mac80211.h>
     14#include "key.h"
     15#include "aes_gmac.h"
     16
     17int ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce,
     18		       const u8 *data, size_t data_len, u8 *mic)
     19{
     20	struct scatterlist sg[5];
     21	u8 *zero, *__aad, iv[AES_BLOCK_SIZE];
     22	struct aead_request *aead_req;
     23	int reqsize = sizeof(*aead_req) + crypto_aead_reqsize(tfm);
     24	const __le16 *fc;
     25	int ret;
     26
     27	if (data_len < GMAC_MIC_LEN)
     28		return -EINVAL;
     29
     30	aead_req = kzalloc(reqsize + GMAC_MIC_LEN + GMAC_AAD_LEN, GFP_ATOMIC);
     31	if (!aead_req)
     32		return -ENOMEM;
     33
     34	zero = (u8 *)aead_req + reqsize;
     35	__aad = zero + GMAC_MIC_LEN;
     36	memcpy(__aad, aad, GMAC_AAD_LEN);
     37
     38	fc = (const __le16 *)aad;
     39	if (ieee80211_is_beacon(*fc)) {
     40		/* mask Timestamp field to zero */
     41		sg_init_table(sg, 5);
     42		sg_set_buf(&sg[0], __aad, GMAC_AAD_LEN);
     43		sg_set_buf(&sg[1], zero, 8);
     44		sg_set_buf(&sg[2], data + 8, data_len - 8 - GMAC_MIC_LEN);
     45		sg_set_buf(&sg[3], zero, GMAC_MIC_LEN);
     46		sg_set_buf(&sg[4], mic, GMAC_MIC_LEN);
     47	} else {
     48		sg_init_table(sg, 4);
     49		sg_set_buf(&sg[0], __aad, GMAC_AAD_LEN);
     50		sg_set_buf(&sg[1], data, data_len - GMAC_MIC_LEN);
     51		sg_set_buf(&sg[2], zero, GMAC_MIC_LEN);
     52		sg_set_buf(&sg[3], mic, GMAC_MIC_LEN);
     53	}
     54
     55	memcpy(iv, nonce, GMAC_NONCE_LEN);
     56	memset(iv + GMAC_NONCE_LEN, 0, sizeof(iv) - GMAC_NONCE_LEN);
     57	iv[AES_BLOCK_SIZE - 1] = 0x01;
     58
     59	aead_request_set_tfm(aead_req, tfm);
     60	aead_request_set_crypt(aead_req, sg, sg, 0, iv);
     61	aead_request_set_ad(aead_req, GMAC_AAD_LEN + data_len);
     62
     63	ret = crypto_aead_encrypt(aead_req);
     64	kfree_sensitive(aead_req);
     65
     66	return ret;
     67}
     68
     69struct crypto_aead *ieee80211_aes_gmac_key_setup(const u8 key[],
     70						 size_t key_len)
     71{
     72	struct crypto_aead *tfm;
     73	int err;
     74
     75	tfm = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC);
     76	if (IS_ERR(tfm))
     77		return tfm;
     78
     79	err = crypto_aead_setkey(tfm, key, key_len);
     80	if (!err)
     81		err = crypto_aead_setauthsize(tfm, GMAC_MIC_LEN);
     82	if (!err)
     83		return tfm;
     84
     85	crypto_free_aead(tfm);
     86	return ERR_PTR(err);
     87}
     88
     89void ieee80211_aes_gmac_key_free(struct crypto_aead *tfm)
     90{
     91	crypto_free_aead(tfm);
     92}